Security Engineer

This is your opportunity to join AXIS Capital - a trusted global provider of specialty lines insurance and reinsurance. We stand apart for our outstanding client service, intelligent risk taking and superior risk adjusted returns for our shareholders. We also proudly maintain an entrepreneurial, disciplined and ethical corporate culture. As a member of AXIS, you join a team that is among the best in the industry.

At AXIS, we believe that we are only as strong as our people. We strive to create an inclusive and welcoming culture where employees of all backgrounds and from all walks of life feel comfortable and empowered to be themselves. This means that we bring our whole selves to work.

All qualified applicants will receive consideration for employment without regard to race, color, religion or creed, sex, pregnancy, sexual orientation, gender identity or expression, national origin or ancestry, citizenship, physical or mental disability, age, marital status, civil union status, family or parental status, or any other characteristic protected by law. Accommodation is available upon request for candidates taking part in the selection process.

We are seeking a highly motivated and skilled Security Engineer to join our Security Architecture and Engineering team. This role is critical in designing, implementing, and continuously improving security controls across our infrastructure, networks, applications, and cloud environments. You will play a key role in embedding security throughout the Software Development Lifecycle (SDLC), championing secure coding practices, and driving a shift-left security culture.

• Assist in the design and implementation of secure architectures across hybrid and cloud environments.
• Support the integration of security into the Software Development Lifecycle (SDLC), embedding controls from design through deployment.
• Help deploy, configure, and optimize SAST, DAST, and container security tools to automate vulnerability detection and remediation.
• Champion "shift-left" security by collaborating with developers to embed secure coding practices and perform threat modelling early in the development process.
• Work with DevOps and platform teams to integrate security into CI/CD pipelines.
• Participate in designing and enforcing network security controls, including segmentation, firewall rules, VPNs, and zero-trust network access (ZTNA).
• Support the development and maintenance of Identity and Access Management (IAM) strategies, including RBAC, ABAC, SSO, MFA, and Privileged Access Management (PAM).
• Assist in conducting architecture reviews, threat modeling, and risk assessments using frameworks such as MITRE ATT&CK, STRIDE, and OWASP ASVS.
• Contribute to defining and implementing security baselines using CIS Benchmarks and automate compliance checks through policy-as-code.
• Collaborate with application and infrastructure teams to secure APIs, microservices, and serverless functions.
• Monitor and respond to security events using cloud-native security tools, supporting incident response investigations.
• Support the implementation of tools and technologies to enhance detection, prevention, and response capabilities.
• Help maintain documentation of security architectures, standards, and procedures; contribute to security awareness and training initiatives.
• Stay up to date with emerging threats, vulnerabilities, and regulatory changes; proactively recommend and implement improvements.
• Support internal and external audits by providing evidence of security controls and remediation plans.

You may also be required to take on additional duties, responsibilities and activities appropriate to the nature of this role.

We encourage you to bring your own experience and expertise to the table, so while there are some qualifications and experiences, we need you to have, we are open to discussing how your individual knowledge might lend itself to fulfilling this role and help us achieve our goals.

• Bachelor's degree in computer science, Cybersecurity, or related field (or equivalent experience).
• 3-5 years of experience in security engineering, architecture, or DevSecOps roles.
• Strong understanding of network protocols, firewalls, VPNs, and secure infrastructure design.
• Hands-on experience with SAST/DAST tools.
• Proficiency in cloud security (Azure, AWS, or GCP), including native security services and IaC scanning.
• Familiarity with IAM concepts, including SSO, MFA, OAuth2, and directory services.
• Experience with Infrastructure as Code (IaC) tools like Terraform or ARM templates.
• Knowledge of security frameworks and standards: CIS Controls, MITRE ATT&CK, OWASP, NIST, ISO 27001/2.
• Strong communication and collaboration skills, with the ability to influence engineering teams and articulate security risks to both technical and non-technical stakeholders.

• Cloud Security Expertise: Experience with cloud-native security tools and services such as CSPM tooling and cloud workload protection platforms (CWPPs).
• Container & Kubernetes Security: Familiarity with securing containerized environments, understanding of Kubernetes RBAC, network policies, and admission controllers.
• Security Automation & Orchestration: Proficiency in scripting (Python, PowerShell, Bash) to automate security tasks.
• DevSecOps & CI/CD Integration: Hands-on experience embedding security into CI/CD pipelines using tools like GitHub Actions, GitLab CI, Jenkins, or Azure DevOps.
• Threat Intelligence & Detection Engineering: Familiarity with threat intelligence platforms (TIPs), MITRE ATT&CK mapping.
• Preferred Security Certifications: CISSP, CCSP, OSCP, GPEN, AWS/Azure/GCP Security Specialty certifications

For this position, in the US we currently expect to offer a base salary in the range of $101,000 to $135,000 (NY), $85,000 to $115,000 (GA), $97,000 to $130,000 (NJ) .

You will be eligible for a comprehensive and competitive benefits package which includes medical plans for you and your family, health and wellness programs, retirement plans, tuition reimbursement, paid annual leave, and much more.

Where this role is based in the United States of America, this role is Exempt for FLSA purposes.